SWIFT Warns Banks Of More Cyberattacks

Banks face persistent, sophisticated and sustained cyberattacks from hackers looking to exploit the SWIFT messaging network, according to reports.

Reports of additional attacks against banks that use SWIFT, the global financial transaction messaging network, came to light Wednesday. The attacks were reportedly persistent, sophisticated and in some cases successful, impacting an undisclosed number of financial institutions.

The letter, sent by SWIFT to clients and obtained by Reuters, said that SWIFT customer “environments” have been compromised and that the “threat is persistent, adaptive and sophisticated – and it is here to stay.”

The letter said attackers were attempting to use customer environments to send fraudulent payment instructions for SWIFT-enabled transfers. The letter informed clients that the attempted thefts surfaced in June and that cybercriminals had stolen an undisclosed sum of money from a number of different unnamed victims.

SWIFT, which stands for Society for Worldwide Interbank Financial Telecommunication, is a private network used by financial organizations to send and receive transactions.

While details are scant on the most recent attacks, SWIFT said the common thread between attacks was weak local security that allowed attackers to compromise networks and send bogus messages requesting bank transfers.

Since the February theft, SWIFT has been stepping up efforts to prod banks to tighten security. Earlier this month SWIFT announced a security tools campaign that introduced an updated two-factor authentication system in its products to help customers protect access to SWIFT interfaces.

In the letter obtained by Reuters and sent to clients, SWIFT reiterated a call for banks to improve authentication systems. Additionally, SWIFT threatened banks with an ultimatum to update to the latest version of the SWIFT software by a Nov. 19 deadline or risk being reported to regulators and banking partners.

“What is surprising is the omission from some so closely associated with the organization that SWIFT failed to address end user risk much sooner,” said Mark McArdle, CTO of security firm eSentire, in a prepared statement. “End user risk isn’t something new; attackers commonly use smaller organizations as gateways to larger targets (like the HVAC supplier exploited in the 2014 Target attack).”

In the case of February’s Bangladeshi Bank heist, attackers used stolen credentials to access the SWIFT network and injected malware into the bank’s implementation of the network to transfer money to accounts in the Philippines. It has been reported that the bank was not running a firewall and was using $10 commodity switches to manage computers connected to the SWIFT network.

In May, SWIFT warned of an attack against Vietnam’s Tien Phong Bank. SWIFT said the attack vector was malware targeting a PDF reader used by banks to check statement messages, in particular payment confirmations via PDF. Again in May, Banco del Austro SA in Ecuador said hackers exploited the SWIFT protocol to steal money. Later that month, SWIFT issued a statement to banks warning its users that fraud continues to be a major problem, and reassuring them that the security of the SWIFT network remains intact.
